L.S Haturusinha, Y.Y Landersz, A.U.H Gamage, P.N Pathiranage, G.T.D Rodrigo, M.P.A.W. Gamage
Sri Lanka Institute of Information Technology
Abstract - PGP Mail Gateway is a backend server that acts as a gateway for mail encryption and decryption with digital signatures, using industry standards available in an open source environment. It is designed to be deployed either on an existing mail server or as a separate backend service, where it provides email security through GPG (the open source version of PGP) encryption. The system therefore does not route emails; it handles only email encryption and decryption. PGP Mail Gateway serves the purpose of providing email security to a business entity that requires a low cost but highly secure solution with user interactivity kept at a minimum.
Keywords - PGPMG – PGP Mail Gateway; RFC – Request for Comments; Cryptography – the practice and study of techniques for secure communication; Cypher text – text with cryptography applied to it; Encryption – turning plain text into cypher text; Decryption; SMTP – Simple Mail Transfer Protocol.
I. INTRODUCTION
Email is apparently the most popular mode of communication in the world. An email is considered an open postcard that traverses the Internet, where anyone can read it. Thus, it goes through an unprotected network before it reaches its destination. Several RFCs on enhancing the privacy of emails have been put forward by different groups in order to bring a more secure platform to the user.
However, several cryptographic methods are available, such as symmetric-key encryption, Caesar's cipher and public key cryptography. Several data encryption methods have been implemented using these methods.
A. Pretty Good Privacy (PGP)
This data encryption and decryption program is often used for signing, encrypting and decrypting texts, files, etc. PGP has features of both conventional and public key cryptography. PGP follows the OpenPGP standard (RFC 4880) for data encryption.
B. GNU Privacy Guard (GPG)
It is the alternative to the PGP suite. GPG is compliant with RFC 4880, which is the current IETF standards track specification of OpenPGP. GPG is a part of the Free Software Foundation's GNU software project.
C. Secure/Multipurpose Internet Mail Extensions (S/MIME)
This is a standard used for public key encryption and signing of MIME data. S/MIME provides authentication, message integrity and non-repudiation of origin using digital signatures and data security.
Even though these programs are available, people hardly use them with their email communications. Companies invest a lot in security and especially on their email system because their business process is highly dependent on emails.
Let's consider the typical mail server system of an organization. Normally this is placed inside the De-Militarized Zone (DMZ) of the network. Emails passed within the organizational network will not travel through the Internet. But when an email needs to be sent between two organizations in different networks, it will travel through the Internet. When a user, probably using an email client such as Mozilla Thunderbird, Microsoft Outlook or webmail, wants to send an email to another person outside the network, the Internet is the mode of communication. As a result, anyone with the right tools can view the email and will be able to change the message in transit. The person in the middle can also send modified messages to both sides. So there is a question of authenticity, integrity and privacy. Without proper email security, organizations might have to face such situations.
As mentioned above, there are security measures such as PGP/GPG or S/MIME that can be adapted to the company security policy. But there’s another issue that a company has to face when introducing these methods to...